Changing the event search conditions

To change the event search conditions, perform the following actions in the Threat Hunting section of the program web interface window:

  1. Click the form containing the event search conditions in the upper part of the window.
  2. Select one of the following tabs:
    • Builder, if you want to change the event search conditions in design mode.
    • Source code, if you want to change the event search conditions in source code mode.
  3. Make the relevant changes.
  4. Click one of the following buttons:
    • Refresh, if you want to refresh the current event search with the new conditions.
    • New search, if you want to perform a new event search.

The table of events that satisfy the search criteria is displayed.

See also

Events database threat hunting

Searching events in source code mode

Searching events in design mode

Sorting events in the table

Searching events by processing results in EPP programs

Uploading an IOC file and searching for events based on conditions defined in the IOC file

Creating a user-defined TAA (IOA) rule based on event search conditions
